Sertificate readme refactor and updated application-example file

config/application-example.yml

@@ -21,3 +21,7 @@ webclient_ip: '127.0.0.1'
 # autotest config overwrites
 test:
   webclient_ip: '127.0.0.1' # it should match to localhost ip address
+  ca_cert_path: '/var/lib/jenkins/workspace/registry/ca/certs/ca.crt.pem'
+  ca_key_path:  '/var/lib/jenkins/workspace/registry/ca/private/ca.key.pem'
+  ca_key_password: 'test'
+

doc/certificates.md

@@ -16,6 +16,16 @@ Private key and certificate must be packaged to pkcs12 and added to user browser
 
 ### Registry setup
 
+Setup CA directory in shared directory:
+
+    cd /home/registry/registry/shared
+    mkdir ca ca/certs ca/crl ca/newcerts ca/private ca/csrs
+    cd ca
+    chmod 700 private
+    touch index.txt
+    echo 1000 > serial
+    echo 1000 > crlnumber
+
 Configure OpenSSL:
 
     sudo cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.bak
@@ -53,16 +63,6 @@ Make sure the following options are in place:
     basicConstraints = CA:true                                    # around line nr 240
     keyUsage = cRLSign, keyCertSign                               # around line nr 245
 
-Setup CA directory in shared directory:
-
-    cd /home/registry/registry/shared
-    mkdir ca ca/certs ca/crl ca/newcerts ca/private ca/csrs
-    cd ca
-    chmod 700 private
-    touch index.txt
-    echo 1000 > serial
-    echo 1000 > crlnumber
-
 Generate the root key and remember your password, you need it later in application.yml: 
 
     openssl genrsa -aes256 -out private/ca.key.pem 4096